217 MT prep
School: Georgia Military College
Course: 217
Subject: Information Systems
Date: Dec 6, 2023
Pages: 22
Uploaded by xpexpert8
Key Terms: Chapter 1
• Acceptable use policy (AUP)
o An organization-wide policy that defines what is allowed and disallowed regarding use of IT assets by employees and authorized contractors.
• Application gateway firewalls (proxy firewalls)
o A network device or computer that serves as a firewall and an intermediary between internal computers and computers on the Internet. The proxy terminates the client's connection and opens its own to the destination, so it can inspect application-layer content rather than just packet headers.
• Availability
o A mathematical calculation where A = (Total Uptime) / (Total Uptime + Total Downtime).
• Biometrics
o A physiological or behavioral human-recognition system (e.g., fingerprint reader, retina scanner, voice-recognition reader).
• Blackberry
o Phone brand; an early business smartphone platform.
• Business continuity plan (BCP)
o A plan for how to handle outages to IT systems, applications, and data access in order to maintain business operations.
• Business impact analysis (BIA)
o A prerequisite analysis for a business continuity plan that prioritizes business operations and functions and their associated IT systems, applications, and data, and the impact of an outage or downtime.
• Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
o The medium-access method of the IEEE 802.3 Local Area Network standard: a station listens before transmitting and backs off and retries when it detects a collision on an Ethernet LAN segment.
• Certified Information Systems Security Professional (CISSP®)
o A globally recognized information systems security professional certification offered by (ISC)2, aimed at more experienced professionals. Obtaining the CISSP® requires passing a certification exam, having at least five years of experience working in the information systems security field, adhering to a code of ethics, and submitting continuing professional education (CPE) credits to maintain the certification.
• Children's Internet Protection Act (CIPA)
o A federal law enacted by Congress to address concerns about access to offensive content over the Internet on school and library computers where children and minors have access.
• Ciphertext
o Encrypted data, the opposite of cleartext. Data sent as ciphertext is not intelligible or decipherable without the decryption key.
• Cleartext
o Unencrypted data, the opposite of ciphertext. Data sent as cleartext is readable and understandable by anyone who can observe it.
• Confidentiality
o The requirement to keep information private or secret.
• Content filtering
o The blocking of specific keywords or phrases in domain-name and URL lookups. Specific URLs and domain names can be prevented from being accessed with web content filtering enabled.
• Cryptogram
o A small encrypted message.
• Cybersecurity
o The act of securing and protecting individuals, businesses, organizations, and governments that are connected to the Internet and the Web.
• Cyberspace
o The global online virtual world created by the Internet where individuals, businesses, organizations, and governments connect to one another.
• Data breach
o An incident in which sensitive data is accessed and stolen by an unauthorized party.
• Data classification standard
o A definition of different data types with respect to security sensitivity.
• Defense in depth
o Also named the Castle Approach: the implementation of multiple layers of security (defense) throughout the IT infrastructure (depth), so that no single control failure exposes the whole system.
• Demilitarized zone (DMZ)
o An exterior network that acts as a buffer zone between the public Internet and an organization's IT infrastructure (i.e., the LAN-to-WAN Domain).
• Disaster recovery plan (DRP)
o A written plan for how to handle major disasters or outages and recover mission-critical systems, applications, and data.
• Downtime
o The amount of time that an IT system, application, or data is not available to users.
• E-commerce
o The buying and selling of goods and services online through a secure website, with payment by credit card or direct debit from a checking account.
• Encryption
o The act of transforming cleartext data into undecipherable ciphertext.
• Ethernet
o An IEEE 802.3 CSMA/CD standard for local area networking supporting speeds from 10 Mbps to over 10 Gbps.
• Family Educational Rights and Privacy Act (FERPA)
o A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K–12 and higher-education institutions must comply.
• Federal Information Security Management Act 2002 (FISMA)
o A U.S. federal law that requires U.S. government agencies to protect the data they hold and to implement and document information security programs and controls.
• Federal Information Security Modernization Act 2014 (FISMA)
o A U.S. federal law enacted to bring the requirements of the Federal Information Security Management Act 2002 up to date with modern threats and security practices.
• FICO
o A publicly traded analytics company whose credit-scoring model is used by the consumer credit reporting agencies Equifax, Experian, and TransUnion.
• File Transfer Protocol (FTP)
o A non-secure file-transfer application that uses connection-oriented TCP transmissions with acknowledgments. Usernames, passwords, and file contents are sent in cleartext.
• Generation Y
o The generation composed of those born between 1980 and 2000 in the United States. Members of Generation Y grew up with technologies that baby boomers did not have (i.e., cell phones, cable TV, Internet, iPods, etc.).
• Gramm-Leach-Bliley Act (GLBA)
o A U.S. federal law requiring banking and financial institutions to protect customers' private data and have proper security controls in place.
• Hardening
o A process of changing hardware and software configurations to make computers and devices as secure as possible, for example by removing unneeded services and accounts and applying secure defaults.
• Health Insurance Portability and Accountability Act (HIPAA)
o A U.S. federal law requiring health care institutions and insurance providers to protect patients' private data and have proper security controls in place.
• Hypertext Transfer Protocol (HTTP)
o An application layer protocol that allows users to communicate and access content via web pages and browsers.
• Hypertext Transfer Protocol Secure (HTTPS)
o The combination of HTTP and SSL/TLS encryption to provide security for data entered by users on secure web pages, like those found on online banking websites. (SSL is obsolete; current HTTPS deployments use TLS.)
• Identity theft
o The act of stealing personally identifiable information with the intent to open new accounts, make purchases, or commit fraud.
• IEEE 802.3 CSMA/CD
o An IEEE standard for local area networking that allows multiple computers to communicate using the same cabling. This is also known as Ethernet.
• Information security
o The protection of data itself.
• Information systems
o The servers and application software on which information and data reside.
• Information systems security
o The protection of information systems, applications, and data.
• Instant messaging (IM) chat
o A session initiation protocol (SIP) application supporting one-to-one or one-to-many real-time chat. Examples include AOL IM, Yahoo! Messenger, and Google Talk.
• Institute of Electrical and Electronics Engineers (IEEE)
o A standards body that defines specifications and standards for electronic technology.
• Integrity
o The validity of information or data. Data with high integrity has not been altered or modified.
• International Information Systems Security Certification Consortium, (ISC)2
o A nonprofit organization dedicated to certifying information systems security professionals.
• Internet
o A global network of computer networks that uses the TCP/IP family of protocols and applications to connect billions of users.
• Internet of Things (IoT)
o A term used to refer to the large number of networked devices (e.g., personal items, home appliances, cloud services, vehicles, etc.) that can now connect to the Internet.
• Intrusion detection system/intrusion prevention system (IDS/IPS)
o Network security appliances typically installed within the LAN-to-WAN Domain at the Internet ingress/egress point to monitor unwanted IP traffic (IDS) and, when deployed inline, block it (IPS).
• IP default gateway router
o The router interface's IP address that acts as your LAN's ingress/egress device.
• IP stateful firewall
o A device that examines the IP, TCP, and UDP headers within a packet and tracks the state of each connection to make blocking or forwarding decisions, so that only replies belonging to an established session are admitted. Firewalls are placed at the ingress/egress points where networks interconnect.
• IT security policy framework
o A set of rules for security. The framework is hierarchical and includes policies, standards, procedures, and guidelines.
• Layer 2 switch
o A network switch that examines the MAC (data link layer) address of an Ethernet frame to determine where to forward it. A Layer 2 switch supports LAN connectivity, typically via unshielded twisted-pair cabling at 10/100/1000 or 10 Gbps Ethernet speeds.
• Layer 3 switch
o A network switch that examines the network layer (IP) address of the packet carried inside an Ethernet frame to determine where to route it. A Layer 3 switch supports LAN connectivity, typically via unshielded twisted-pair cabling at 10/100/1000 or 10 Gbps Ethernet speeds, and performs the same function as a router.
• Local area network (LAN)
o A collection of computers that are connected to one another or to a common medium. Computers on a LAN are generally within an area no larger than a building.
• Malicious code
o Software written with malicious intent, for example, a computer virus.
• Malicious software
o Software designed to infiltrate one or more target computers and follow an attacker's instructions. Also called malware.
• Mean time between failures (MTBF)
o The predicted amount of time between failures of an IT system during production operation.
• Mean time to failure (MTTF)
o The average amount of time a device is expected to operate before encountering a failure.
• Mean time to repair (MTTR)
o The average amount of time required to repair a device.
• Multiprotocol Label Switching (MPLS)
o A wide area network technology that operates between Layer 2 and Layer 3 (often called Layer 2.5) by inserting labels or tags in the packet header to create virtual paths between endpoints in a WAN infrastructure. This is a faster method of transporting IP packets through the WAN because forwarding is done on the label without a full IP routing lookup at each hop.
•
Honestly over it, just use the textbook (this will prob bite me in the ass in the future)
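The Availability, Downtime, MTBF and MTTR definitions above are usually tested together, so here is an added example (not from the textbook or the course) that carries the arithmetic through in Python. The uptime, MTBF and component figures in the demo are constructed; the functions for serial and parallel component availability go beyond the key terms and are standard reliability formulas, not something the chapter states.

```python
"""Availability arithmetic for the Chapter 1 key terms (added example)."""

# Hours in a non-leap year; used to turn an availability fraction into
# an allowed-downtime budget.
HOURS_PER_YEAR = 365 * 24


def availability(total_uptime: float, total_downtime: float) -> float:
    """A = uptime / (uptime + downtime), exactly as the key term defines it."""
    if total_uptime < 0 or total_downtime < 0:
        raise ValueError("uptime and downtime must be non-negative")
    total = total_uptime + total_downtime
    if total == 0:
        raise ValueError("no observation period")
    return total_uptime / total


def availability_from_mtbf(mtbf: float, mttr: float) -> float:
    """Steady-state availability of a repairable system.

    Over many failure/repair cycles the system is up for MTBF hours and down
    for MTTR hours per cycle, so the uptime formula reduces to
    MTBF / (MTBF + MTTR).  Shrinking MTTR raises availability, which is why
    the quiz ties availability to recovery time.
    """
    if mtbf <= 0 or mttr < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf / (mtbf + mttr)


def allowed_downtime_hours(target: float, period_hours: float = HOURS_PER_YEAR) -> float:
    """Maximum downtime that still meets an availability target such as 0.999."""
    if not 0.0 <= target <= 1.0:
        raise ValueError("target must be a fraction between 0 and 1")
    return (1.0 - target) * period_hours


def meets_target(total_uptime: float, total_downtime: float, target: float) -> bool:
    """True when measured availability reaches the agreed target."""
    return availability(total_uptime, total_downtime) >= target


def serial_availability(*components: float) -> float:
    """Availability of a chain where every component must be up (e.g. router,
    firewall, web server): the availabilities multiply, so the weakest link
    dominates and adding components only lowers the result."""
    result = 1.0
    for a in components:
        if not 0.0 <= a <= 1.0:
            raise ValueError("component availability must be a fraction")
        result *= a
    return result


def parallel_availability(*components: float) -> float:
    """Availability of redundant components where any one keeps the service
    up: 1 - product(1 - A_i).  This is the arithmetic behind clustering."""
    unavailable = 1.0
    for a in components:
        if not 0.0 <= a <= 1.0:
            raise ValueError("component availability must be a fraction")
        unavailable *= 1.0 - a
    return 1.0 - unavailable


if __name__ == "__main__":
    # Constructed figures: a server with 8,700 h up and 60 h down in a year.
    print(f"measured availability: {availability(8700, 60):.4%}")
    print(f"allowed downtime at 99.9%: {allowed_downtime_hours(0.999):.2f} h/year")
    print(f"MTBF 2000 h, MTTR 4 h: {availability_from_mtbf(2000, 4):.4%}")
    print(f"three serial 99.9% components: {serial_availability(0.999, 0.999, 0.999):.4%}")
    print(f"two parallel 99% components: {parallel_availability(0.99, 0.99):.4%}")
```

Run it directly to see the figures; the useful observation is that three components at "three nines" in series no longer meet three nines as a whole, while two "two nines" components in parallel exceed it.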
Assessment
1)
Information security is specific to securing information, whereas information systems security is
focused on the security of the systems that house the information.
a)
A. True
2)
Software manufacturers limit their liability when selling software using which of the following?
a)
A. End-User License Agreements
3)
The __________ tenet of information systems security is concerned with the recovery time
objective.
a)
C. Availability
4)
If you are a publicly traded company or U.S. federal government agency, you must go public and
announce that you have had a data breach and must inform the impacted individuals of that
data breach.
a)
A. True
5)
Organizations that require customer service representatives to access private customer data can
best protect customer privacy and make it easy to access other customer data by using which of
the following security controls?
a)
B. Blocking out customer private data details and allowing access only to the last four
digits of Social Security numbers or account numbers
6)
The __________ is the weakest link in an IT infrastructure.
a)
E. User Domain
7)
Which of the following security controls can help mitigate malicious email attachments?
a)
Email filtering and quarantining
b)
Email attachment antivirus scanning
c)
Verifying with users that email source is reputable
d)
Holding all inbound emails with unknown attachments
e)
E. All of the above
8)
You can help ensure confidentiality by implementing __________.
a)
D. A virtual private network for remote access
9)
Encrypting email communications is needed if you are sending confidential information within
an email message through the public Internet.
a)
A. True
10)
Using security policies, standards, procedures, and guidelines helps organizations decrease risks
and threats
a)
A. True
11)
A data classification standard is usually part of which policy definition?
a)
A. Asset protection policy
12)
A data breach is typically performed after which of the following?
a)
A. Unauthorized access to systems and application is obtained
13)
Maximizing availability primarily involves minimizing __________.
a)
The amount of downtime recovering from a disaster
b)
The mean time to repair a system or application
c)
Downtime by implementing a business continuity plan
d)
The recovery time objective
e)
All of the above
14)
Which of the following is not a U.S. compliance law or act?
a)
D. PCI DSS
15)
Internet IP packets are to cleartext what encrypted IP packets are to __________.
a)
B. Ciphertext
Chapter 2
1)
The Internet is an open, public network shared by the entire planet. Anyone can connect to the
Internet with a computer and a valid Internet connection and browser.
a)
True
b)
False
2)
Which of the following are challenges that IoT industry must overcome?
a)
Security and privacy
b)
Interoperability and standards
c)
Legal and regulatory compliance
d)
E-commerce and economic development
e)
All of the above
3)
Which phenomenon helped drive near real-time, high-speed broadband connectivity to the
endpoint device?
a)
Internet connectivity
b)
Email
c)
VoIP
d)
Social media sharing
e)
All of the above
4)
Which of the following requires an IoT-connected automobile?
a)
Near real-time access to household controls and systems
b)
Ability to track the whereabouts of your children through location finder GPS
applications
c)
Real-time alerts regarding reminders to pay bills on time
d)
Online e-commerce and online shopping with direct delivery
e)
Traffic monitoring sensors that provide real-time updates for traffic conditions
5)
Which of the following are impacts of the IoT on our business lives?
a)
E-commerce
b)
Integrated supply chain with front-end sales order entry
c)
Companies now offering delivery services for products and services with real-time
updates
d)
Customer reviews providing consumers with product and service reviews online and
with more information about customer satisfaction
e)
All of the above
6)
Which of the following helps support remote teleworking?
a)
Presence/availability
b)
IM chat
c)
Video conferencing
d)
Collaboration
e)
All of the above
7)
Which is a security challenge that IoT deployments must overcome?
a)
Congestion of mobile IP traffic
b)
Secure communication with other IoT devices
c)
Liability of an IoT device failing to send an update message
d)
Pricing for software licensing in the IoT device
e)
Privacy data use sharing agreement
8)
Unified messaging provides what functionality for users on the go?
a)
Voice messages that are converted to audio files and emailed to the user’s emailbox
for playback while on the road
b)
One-to-many communications
c)
Many-to-many communications
d)
VoIP communications and messaging
e)
SIP communications and messaging
9)
Which of the following applications can eliminate the need for face-to-face training?
a)
Audio/video conferencing
b)
Collaboration
c)
IM chat
d)
Presence/availability
e)
All of the above
10)
Why do e-commerce systems need the utmost in security controls?
a)
It is a PCI DSS standard.
b)
Private customer data is entered into websites.
c)
Credit card data is entered into websites.
d)
Customer retention requires confidence in secure online purchases.
e)
All of the above
11)
Which of the following is not a challenge that must be overcome by IoT deployments?
a)
Security
b)
Availability
c)
Legal and regulatory
d)
E-commerce and economic development
e)
Privacy
12)
Typically, data must be _____________ to be shared or used for research purposes.
a)
Encrypted
b)
Hashed
c)
De-identified
d)
Masked out
e)
In cleartext
(Chapter 2 title: The Internet of Things Is Changing How We Live)
Chapter 3
1)
The main goal of a hacker is to steal or compromise IT assets and potentially steal data.
a)
True
b)
False
2)
Which of the following best describes intellectual property?
a)
The items a business has copyrighted
b)
All patents owned by a business
c)
The unique knowledge a business possesses
d)
Customer lists
e)
All of the above
3)
Which of the following terms best describes a person with very little hacking skills?
a)
Hacker
b)
Script kiddie
c)
Cracker
d)
Wannabe
e)
All of the above
4)
A(n) _____ is a software tool that is used to capture packets from a network.
a)
Packet sniffer
5)
Which type of attacks result in legitimate users not having access to a system resource?
a)
DDoS
b)
Social engineering
c)
Man in the middle
d)
Phishing emails
e)
SQL injection
6)
A SYN flood attack floods a target with invalid or half-open TCP connection requests.
a)
True
b)
False
7)
Which of the following is an example of social engineering?
a)
SQL injection
b)
XML injection
c)
Security design
d)
Impersonation
e)
All of the above
8)
Which of the following security countermeasures is best for end-point protection against
malware?
a)
Antivirus/anti-malware protection
b)
Data leakage prevention
c)
Standardized workstation and laptop images
d)
Security awareness training
e)
All of the above
9)
War driving involves looking for open or public wireless networks.
a)
True
b)
False
10)
Which of the following impacts availability?
a)
Cross-site scripting
b)
SQL injection
c)
DDoS
d)
Packet sniffing
e)
None of the above
11)
Which type of attack involves capturing data packets from a network and transmitting them
later to produce an unauthorized effect?
a)
Man in the middle
b)
SYN flood
c)
Replay
d)
Smurf
e)
SQL injection
12)
A(n) _____ is any action that could damage an asset.
a)
Threat
13)
A(n) _____ is any weakness that makes it possible for a threat to cause harm to a computer or
network.
a)
Vulnerability
14)
Which type of malware is a self-contained program that replicates and sends copies of itself to
other computers, generally across a network?
a)
Virus
b)
Worm
c)
Trojan
d)
Rootkit
e)
Cookie manipulation
15)
Which type of malware involves extorting the user or organization into paying money to release
a decryption key?
a)
Virus
b)
Trojan
c)
Logic bomb
d)
Cryptolocker malware
Chapter 4
1)
Risk management is responding to a negative event when it occurs.
a)
True
b)
False
2)
With respect to IT security, a risk can result in either a positive or a negative effect.
a)
True
b)
False
3)
According to PMI, which term describes the list of identified risks?
a)
Risk checklist
b)
Risk register
c)
Risk methodology
d)
Mitigation list
e)
All of the above
4)
What is the primary purpose of a business impact analysis (BIA)?
a)
To identify, categorize, and prioritize mission-critical business functions
b)
To provide a road map for business continuity and disaster recovery planning
c)
To assist organizations with risk management
d)
To assist organizations with incident response planning
e)
All of the above
5)
Which of the following terms defines the amount of time it takes to recover a production IT
system, application, and access to data?
a)
Recovery point objective
b)
Recovery time objective
c)
Risk exposure time
d)
Production recovery time
e)
None of the above
6)
The recovery point objective (RPO) defines the last point in time for _______ recovery that can
be enabled back into production.
a)
System
b)
Application
c)
Production
d)
Data
e)
None of the above
7)
Which of the following solutions are used for authenticating a user to gain access to systems,
applications, and data?
a)
Passwords and PINs
b)
Smart cards and tokens
c)
Biometric devices
d)
Digital certificates
e)
All of the above
8)
Which risk management approach requires a distributed approach with business units working
with the IT organization?
a)
OCTAVE
b)
CRAMM
c)
NIST SP800-33
d)
ISO 27005
e)
None of the above
9)
The NIST SP800-30 standard is a _______________ management framework standard for
performing risk management.
a)
Risk
b)
Threat
c)
Vulnerability
d)
Security
e)
None of the above
10)
Which term indicates the maximum amount of data loss over a time period?
a)
RAI
b)
ROI
c)
RTO
d)
RPO
e)
None of the above
11)
Organizations that permit their employees to use their own laptops or smartphone devices and
connect to the IT infrastructure describe a policy referred to as:
a)
RTO
b)
MDM
c)
BYOD
d)
AUP
e)
None of the above
12)
Which of the following are organizational concerns for BYOD and mobility?
a)
Data ownership
b)
Privacy
c)
Lost or stolen device
d)
Data wiping
e)
All of the above
13)
_____ is the U.S. security-related act that governs regulated health care information.
a)
HIPAA
14)
Which U.S. security-related act governs the security of data specifically for the financial
industry?
a)
GLBA
b)
COPPA
c)
HIPAA
d)
FERPA
e)
None of the above
15)
Which of the following business drivers are impacting businesses’ and organizations’ security
requirements and implementations?
a)
Mobility
b)
Regulatory compliance
c)
Productivity enhancements
d)
Always-on connectivity
e)
All of the above
Chapter 5
1)
Access controls are policies or procedures used to control access to certain items.
a)
True
b)
False
2)
Which answer best describes the authorization component of access control?
a)
Authorization is the method a subject uses to request access to a system.
b)
Authorization is the process of creating and maintaining the policies and procedures
necessary to ensure proper information is available when an organization is audited.
c)
Authorization is the validation or proof that the subject requesting access is indeed the
same subject who has been granted that access.
d)
Authorization is the process of determining who is approved for access and what
resources they are approved for.
3)
Which answer best describes the identification component of access control?
a)
Identification is the validation or proof that the subject requesting access is indeed the
same subject who has been granted that access.
b)
Identification is the method a subject uses to request access to a system.
c)
Identification is the process of determining who is approved for access and what
resources they are approved for.
d)
Identification is the process of creating and maintaining the policies and procedures
necessary to ensure proper information is available when an organization is audited.
4)
Which answer best describes the authentication component of access control?
a)
Authentication is the validation or proof that the subject requesting access is indeed
the same subject who has been granted that access.
b)
Authentication is the process of creating and maintaining the policies and procedures
necessary to ensure proper information is available when an organization is audited.
c)
Authentication is the process of determining who is approved for access and what
resources they are approved for.
d)
Authentication is the method a subject uses to request access to a system.
5)
Which answer best describes the accountability component of access control?
a)
Accountability is the validation or proof that the subject requesting access is indeed the
same subject who has been granted that access.
b)
Accountability is the method a subject uses to request access to a system.
c)
Accountability is the process of creating and maintaining the policies and procedures
necessary to ensure proper information is available when an organization is audited.
d)
Accountability is the process of determining who is approved for access and what
resources they are approved for.
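Questions 2 through 5 define the four components of access control by contrast with one another. The following added example (my own code, not from the textbook) implements all four in a small discretionary access-control model so the distinctions are visible in code: identification is the claimed username, authentication is the salted password-hash check, authorization is the owner-set permission check, and accountability is the audit log that records every decision. The accounts, passwords and resource names are constructed for the demo.

```python
"""Identification, authentication, authorization and accountability in one
small discretionary access-control (DAC) model (added example, constructed data)."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256: slow and salted, so stolen hashes are costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes


@dataclass
class Resource:
    name: str
    owner: str
    # DAC: the owner decides who may do what; maps username -> {"read", "write"}.
    acl: dict = field(default_factory=dict)


class AccessControl:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.resources: dict[str, Resource] = {}
        self.audit_log: list[str] = []  # accountability: every decision is recorded

    def _log(self, entry: str) -> None:
        self.audit_log.append(entry)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(username, salt, _hash_password(password, salt))

    def create_resource(self, owner: str, name: str) -> None:
        self.resources[name] = Resource(name, owner)

    # Authentication: prove that the identified subject is who it claims to be.
    def authenticate(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None:
            _hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
            self._log(f"AUTH FAIL user={username!r} reason=unknown-user")
            return False
        ok = hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash)
        self._log(f"AUTH {'OK' if ok else 'FAIL'} user={username!r}")
        return ok

    # Authorization: is this authenticated identity approved for this action?
    def authorize(self, username: str, resource: str, action: str) -> bool:
        res = self.resources.get(resource)
        if res is None:
            self._log(f"AUTHZ DENY user={username!r} resource={resource!r} reason=no-such-resource")
            return False
        allowed = username == res.owner or action in res.acl.get(username, set())
        self._log(f"AUTHZ {'ALLOW' if allowed else 'DENY'} user={username!r} "
                  f"resource={resource!r} action={action}")
        return allowed

    # DAC: only the resource owner may change its permissions.
    def grant(self, owner: str, resource: str, grantee: str, action: str) -> bool:
        res = self.resources.get(resource)
        if res is None or res.owner != owner:
            self._log(f"GRANT DENY by={owner!r} resource={resource!r} reason=not-owner")
            return False
        res.acl.setdefault(grantee, set()).add(action)
        self._log(f"GRANT by={owner!r} resource={resource!r} to={grantee!r} action={action}")
        return True

    # A complete access request: identify (username), authenticate, authorize, and log it all.
    def access(self, username: str, password: str, resource: str, action: str) -> bool:
        if not self.authenticate(username, password):
            return False
        return self.authorize(username, resource, action)


def demo() -> AccessControl:
    """Constructed scenario: alice owns a file and grants bob read-only access."""
    ac = AccessControl()
    ac.register("alice", "correct horse battery staple")
    ac.register("bob", "hunter2")
    ac.create_resource("alice", "payroll.xlsx")
    ac.grant("alice", "payroll.xlsx", "bob", "read")
    return ac


if __name__ == "__main__":
    ac = demo()
    print(ac.access("bob", "hunter2", "payroll.xlsx", "read"))   # True
    print(ac.access("bob", "hunter2", "payroll.xlsx", "write"))  # False: not granted
    print(ac.access("bob", "wrong", "payroll.xlsx", "read"))     # False: authentication failed
    print(ac.grant("bob", "payroll.xlsx", "bob", "write"))       # False: bob is not the owner
    print("\n".join(ac.audit_log))
```

Note the order in access(): a failed authentication never reaches the authorization step, yet both outcomes leave an audit entry, which is what makes the accountability component useful during an investigation.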
6)
Physical access controls deter physical access to resources, such as buildings or gated parking
lots.
a)
True
b)
False
7)
When you log on to a network, you are presented with some combination of username,
password, token, smart card, or biometrics. You are then authorized or denied access by the
system. This is an example of __________.
a)
Physical access controls
b)
Logical access controls
c)
Group membership policy
d)
The Biba integrity model
e)
None of the above
8)
Access controls cannot be implemented in various forms, restriction levels, or different levels
within the computing environment.
a)
True
b)
False
9)
Which of the following is an example of a formal model of access control?
a)
Discretionary access control (DAC)
b)
Mandatory access control (MAC)
c)
Nondiscretionary access control
d)
The Clark and Wilson integrity model
e)
All of the above
10)
Physical access, security bypass, and eavesdropping are examples of how access controls can be
__________.
a)
Stolen
b)
Compromised
c)
Audited
d)
Authorized
11)
Challenges to access control include which of the following?
a)
Laptop loss
b)
Exploiting hardware
c)
Eavesdropping
d)
Exploiting applications
e)
All of the above
12)
When the owner of the resource determines the access and changes permissions as needed, it’s
known as __________.
a)
Mandatory access control (MAC)
b)
Discretionary access control (DAC)
c)
Nondiscretionary access control
d)
Content-dependent access control
e)
Role-based access control
13)
The process of identifying, quantifying, and prioritizing the vulnerabilities in a system is known
as a __________.
a)
Vulnerability policy
b)
Vulnerability deterrent
c)
Vulnerability authorization
d)
Vulnerability assessment
14)
The security kernel enforces access control of computer systems.
a)
True
b)
False
15)
When it comes to privacy, organizations are concerned about which of the following?
a)
Liability in harassment suits
b)
Skyrocketing losses from employee theft
c)
Productivity losses from employees shopping or performing other nonwork-related
tasks online
d)
All of the above
Chapter 6
1)
Security administration is the group of individuals responsible for the planning, design,
implementation, and monitoring of an organization’s security plan.
a)
True
b)
False
2)
The security program requires documentation of:
a)
The security process
b)
The policies, procedures, and guidelines adopted by the organization
c)
The authority of the persons responsible for security
d)
All of the above
e)
None of the above
3)
An organization does not have to comply with both regulatory standards and organizational
standards.
a)
True
b)
False
4)
A(n) ________ is a formal contract between your organization and an outside firm that details
the specific services the firm will provide.
a)
Security event log
b)
Incident response
c)
Service-level agreement (SLA)
d)
Compliance report
5)
Which software testing method provides random input to see how software handles
unexpected data?
a)
Injection
b)
Fuzzing
c)
Valid error input
d)
Boundary input
6)
In 1989, the IAB issued a statement of policy about Internet ethics. This document is known as
________.
a)
OECD
b)
RFC 1087
c)
(ISC)2 Code of Ethics Canons
d)
CompTIA Candidate Code of Ethics
e)
None of the above
7)
________ is the concept that users should be granted only the levels of permissions they need
in order to perform their duties.
a)
Mandatory vacations
b)
Separation of duties
c)
Job rotation
d)
Principle of least privilege
e)
None of the above
8)
Which of the following is an example of social engineering?
a)
An emotional appeal for help
b)
A phishing attack
c)
Intimidation
d)
Name-dropping
e)
All of the above
9)
Policy sets the tone and culture of the organization.
a)
True
b)
False
10)
________ involve the standardization of the hardware and software solutions used to address a
security risk throughout the organization.
a)
Policies
b)
Standards
c)
Procedures
d)
Baselines
11)
Which of the following is true of procedures?
a)
They increase mistakes in a crisis.
b)
They provide for places within the process to conduct assurance checks.
c)
Important steps are often overlooked.
d)
None of the above
e)
All of the above
12)
Data classification is the responsibility of the person who owns the data.
a)
True
b)
False
13)
The objectives of classifying information include which of the following?
a)
To identify data value in accordance with organization policy
b)
To identify information protection requirements
c)
To standardize classification labeling throughout the organization
d)
To comply with privacy law, regulations, and so on
e)
All of the above
14)
Configuration management is the management of modifications made to the hardware,
software, firmware, documentation, test plans, and test documentation of an automated
system throughout the system life cycle.
a)
True
b)
False
15)
The change management process includes ________ control and ________ control.
a)
Clearance, classification
b)
Document, data
c)
Hardware inventory, software development
d)
Configuration, change
16)
More and more organizations use the term ________ to describe the entire change and
maintenance process for applications.
a)
System development life cycle (SDLC)
b)
System life cycle (SLC)
c)
System maintenance life cycle (SMLC)
d)
None of the above
17)
When developing software, you should ensure the application does which of the following?
a)
Has edit checks, range checks, validity checks, and other similar controls
b)
Checks user authorization
c)
Checks user authentication to the application
d)
Has procedures for recovering database integrity in the event of system failure
e)
All of the above
18)
There are several types of software development methods, but most traditional methods are
based on the ________ model.
a)
Modification
b)
Waterfall
c)
Developer
d)
Integration
LAB Questions
LAB 1:
1.
Name at least five applications and tools used in the lab Introduction.
a.
Wireshark, Nessus, NetWitness Investigator, FileZilla, and Zenmap (the Nmap GUI).
2.
What is promiscuous mode?
a.
Promiscuous mode is where “every data packet can be seen and captured by the
sniffer” (Kim, 2016).
3.
How does Wireshark differ from NetWitness Investigator?
a.
NetWitness Investigator aggregates captured traffic into sessions and groups it so
patterns are easier to notice, while Wireshark displays and decodes each packet individually.
4.
Why is it important to select student interface in the Wireshark?
a.
Wireshark captures only on the interface you select; the interface named student is the one attached to the lab network, so choosing it captures the lab's traffic rather than another adapter's.
5.
What is the command line syntax for running an Intense Scan with Zenmap on a target
subnet of 172.30.0.0/24?
a.
nmap -T4 -A -v 172.30.0.0/24
6.
Name at least five different scans that may be performed with Zenmap.
a.
Intense scan, ping scan, quick scan, regular scan, and slow comprehensive scan.
7.
How many different tests (i.e., scripts) did your Intense Scan perform?
a.
5 (ARP Ping scan, Parallel DNS resolution, SYN Stealth Scan, Service scan,
NSE)
8.
Based on your interpretation of the Intense Scan, describe the purpose/results of each
tests script performed during the report.
a.
ARP Ping scan detects which hosts on the local segment are live. Parallel DNS resolution
looks up the names of the hosts found by the ping scan. SYN Stealth Scan tests for open
TCP ports. Service scan probes the open ports to identify the service type and version.
NSE (the Nmap Scripting Engine) runs scripts against each host and service to gather further
information, such as banners and known weaknesses.
9.
How many total IP hosts did Zenmap find on the network?
a.
5
10.
Explain how attackers use common network scanning and analysis tools to compromise
networks.
a.
Attackers use common network scanning tools to gather information before attacking: which hosts are live, which ports and services are open, what software versions are running, and which known vulnerabilities those versions carry. A sniffer on the same segment can also capture credentials sent in clear text, such as a password that was not encrypted.
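The Intense scan in questions 5 to 9 runs as several stages (host discovery, DNS, SYN port scan, service/version scan, NSE), and Nmap can write the combined result as XML with -oX. The parser below is an added example, not part of the lab manual; it reads such a file and lists, per live host, the open ports, the product/version the service scan revealed, and the OS guess. The XML embedded in it is a constructed, shortened sample in the Nmap -oX schema (addresses, hostname, and versions are assumptions), not a capture from the lab network.

```python
"""Parse Nmap XML output (e.g. from `nmap -T4 -A -v -oX scan.xml 172.30.0.0/24`)
and summarise live hosts, open ports, service versions and OS guesses.

Added example, not from the lab manual. SAMPLE_NMAP_XML is a constructed sample.
"""
import xml.etree.ElementTree as ET

# Constructed sample: three hosts, one of which did not answer the ARP ping.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 172.30.0.0/24">
  <host><status state="up" reason="arp-response"/>
    <address addr="172.30.0.2" addrtype="ipv4"/>
    <hostnames><hostname name="lab-target-01" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="2.3.4" method="probed"/></port>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.7p1" method="probed"/></port>
      <port protocol="tcp" portid="23"><state state="filtered" reason="no-response"/>
        <service name="telnet" method="table"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.9 - 2.6.33" accuracy="95"/></os>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="172.30.0.10" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" method="table"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2008" accuracy="90"/></os>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="172.30.0.50" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per live host: address, hostname, OS guess and open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # host discovery (ARP ping) reported it down; nothing was scanned
        addr_el = host.find("address[@addrtype='ipv4']")
        name_el = host.find("hostnames/hostname")   # result of the DNS resolution stage
        os_el = host.find("os/osmatch")             # best OS detection match, if any
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # SYN scan saw closed/filtered; service scan skips these
            svc = port.find("service")
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                # product/version are only present when the service scan probed the port
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append({
            "addr": addr_el.get("addr"),
            "hostname": name_el.get("name") if name_el is not None else None,
            "os": os_el.get("name") if os_el is not None else None,
            "os_accuracy": int(os_el.get("accuracy")) if os_el is not None else None,
            "open_ports": sorted(open_ports, key=lambda p: p["port"]),
        })
    return hosts


def version_banners(hosts):
    """Flatten what the service/version scan revealed as (addr, port, 'product version')."""
    out = []
    for h in hosts:
        for p in h["open_ports"]:
            if p["product"]:
                out.append((h["addr"], p["port"], f"{p['product']} {p['version'] or ''}".strip()))
    return out


def summary_lines(hosts):
    """Human-readable report, one line per host."""
    lines = []
    for h in hosts:
        ports = ", ".join(f"{p['port']}/{p['proto']} {p['service'] or '?'}" for p in h["open_ports"])
        lines.append(f"{h['addr']} ({h['hostname'] or 'no PTR'}) os={h['os']!r} open=[{ports}]")
    return lines


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_NMAP_XML)
    print("\n".join(summary_lines(found)))
    for addr, port, banner in version_banners(found):
        print(f"  {addr}:{port} -> {banner}")
```

The version banners are the part of the report an attacker cares most about: a product and version string is what gets looked up against the CVE list in the next step.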
LAB 2:
1.
What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in
which you would use this type of application.
a.
Zenmap is the graphical front end for Nmap: it runs the same scans and presents the results as host lists and a network topology. It is used to discover live hosts, open ports, and the operating systems the hosts are running. An example scenario is an internal audit in which an administrator needs an inventory of which hosts and ports are reachable on a subnet.
2.
Which application can be used to perform a vulnerability assessment scan in the
reconnaissance phase of the ethical hacking process?
a.
Nessus is used to perform the vulnerability assessment scan.
3.
What must you obtain before you begin the ethical hacking process or penetration test on
a live production network, even before performing the reconnaissance step?
a.
Written permission from the owner of the systems, defining what may be tested, together with complete transparency and professional accountability; without written permission the activity is considered an attack.
4.
What is a CVE listing? Who hosts and who sponsors the CVE database listing web site?
a.
The CVE (Common Vulnerabilities and Exposures) listing is a database of publicly known security vulnerabilities and exposures, each with a unique identifier. The list is hosted and maintained by The MITRE Corporation and sponsored by the US Department of Homeland Security.
5.
Can Zenmap detect which operating systems are present on IP servers and workstations?
Which option includes that scan?
a.
Yes. OS detection is the -O option; the Intense scan profile includes it through -A (together with version detection, script scanning, and traceroute), and the OS guesses appear under each host in the Zenmap results.
6.
How can you limit the breadth and scope of a vulnerability scan?
a.
By restricting the targets: specify only the hosts or address ranges that need to be scanned (for example, from a text file of addresses) instead of the whole network, and limit the scan policy to the checks relevant to those hosts.
7.
Once a vulnerability has been identified by Nessus, where would you check for more
information regarding the identified vulnerability, exploits, and any risk mitigation
solution?
a.
In the Nessus plugin details for the finding, which give the description, the referenced CVE identifiers, and the solution, and then in the CVE listing database website for those CVE IDs.
8.
What is the major difference between Zenmap and Nessus?
a.
Nessus is used to perform the vulnerability assessment while Zenmap is used to
discover hosts and ports.
9.
Why do you need to run both tools like Zenmap and Nessus to complete the
reconnaissance phase of the ethical hacking process?
a.
Both are needed to complete the phase because Zenmap identifies the devices, ports, and services on the network, and Nessus then tests those services and records and flags their vulnerabilities.
10.
What activities can cause a security breach?
a.
Activities that can cause a security breach include DoS and DDoS attacks, unacceptable web-browsing behavior, wiretapping, use of a backdoor to access resources, and accidental data modifications (Kim 2016).
LAB 3:
1.
What are the three fundamental elements of an effective security program for information
systems?
a.
Confidentiality, integrity and availability.
2.
Of these three fundamental controls, which two are used by the Domain User Admin to
create users and assign rights to resources?
a.
Confidentiality and integrity.
3.
If you can browse a file on a Windows network share, but are not able to copy it or
modify it, what type of access controls and permissions are probably configured?
a.
The share is effectively view-only for that user: the user can look but not touch. This is done by granting the List Folder Contents permission in the Permissions window (which allows the user to see file and folder names) while withholding Read, which is needed to open or copy a file, and Write or Modify, which are needed to change it.
4.
What is the mechanism on a Windows server where you can administer granular policies
and permissions on a Windows network using role-based access?
a.
Windows Group Policy (administered with the Group Policy Editor), with settings and permissions applied to security groups that correspond to roles.
5.
What is two-factor authentication, and why is it an effective access control technique?
a.
Two-factor authentication requires two different kinds of authentication factors to log in: something the user knows (a password) plus something the user has (a token or phone) or something the user is (a biometric such as Face ID). It is effective because a stolen or guessed password alone is not enough; a user, malicious or not, must also pass the second factor before getting access.
6.
Relate how Windows Server Active Directory and the configuration of access controls
achieve CIA for departmental LANs, departmental folders, and data.
a.
CIA is achieved by creating users, assigning those users to groups, and granting those groups access to their respective resources in the domain. This lets the administrator enforce authentication through the Active Directory domain authentication policies and build up a series of access control lists that control who can read or change domain resources, while limiting access to the people whose roles require it.
7.
Is it good practice to include the account or username in the password? Why or why not?
a.
No, because the username is typically easy to figure out and it is normally visible
on the login screen.
8.
What is Role-based access control (RBAC)?
a.
Access is granted according to the user's job role rather than to each user individually: permissions are assigned to roles, and users are placed in the roles that match their jobs.
9.
Name at least three ways access controls can be compromised? Explain
a.
Eavesdropping via observation occurs when information is left out, normally by accident, such as leaving data out on a table, so that someone can simply look at it and ‘access’ the data (Kim 2016).
b.
Exploiting hardware and software is “when attackers attempt to install programs on a system they control. These programs are often called Trojan horses. The network administrator or workstation owner may not even know the attacker is there” (Kim 2016).
c.
Reusing or discarding media makes it possible for attackers to “recover erased or altered information from discarded or reused media. It is safer and cheaper to shred documents and physically destroy media than to simply throw them out” (Kim 2016).
LAB 4:
1.
Define why change control management is relevant to security operations in an
organization.
a.
Change control management is relevant to security operations because “the objective is to maximize the benefits for all people involved in the change and minimize the risk of failure” (Kim, 2016).
2.
Name six (6) password policies you could enable in a Windows Domain.
a.
Enforce password history, maximum password age, minimum password age, minimum password length, password must meet complexity requirements, and store passwords using reversible encryption (the last of these should normally be left disabled, since it makes the stored passwords recoverable).
3.
What is the minimum password length enforced by the Password must meet complexity
requirements policy?
a.
The complexity policy itself enforces a minimum of 6 characters; the separate Minimum password length policy should be raised above that, to 8 in this lab.
4.
What sources could you use as a source to perform the MBSA security state?
a.
Microsoft Update and Windows Server Update Services.
5.
What are some of the options that you can exercise to configure the MBSA scan?
a.
You can check for Windows administrative vulnerabilities, weak passwords, IIS and SQL administrative vulnerabilities, and missing security updates. The scan can be run against one computer or against multiple computers.
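Questions 2 and 3 of this lab, and question 7 of LAB 3, all turn on what the Windows policy “Password must meet complexity requirements” actually checks. The function below is an added example, not from the lab manual; it implements the published rules of that policy (no account name or display-name token of 3+ characters in the password, at least 6 characters, characters from 3 of the 5 categories) and layers the separate Minimum password length policy on top. The account names and candidate passwords in it are constructed; treating every non-alphanumeric printable character as the “special” category is an assumption, since Windows enumerates a specific punctuation set.

```python
"""Check a candidate password against the rules behind the Windows domain policy
'Password must meet complexity requirements', plus the separate
'Minimum password length' policy.

Added example, not from the lab manual. Test accounts below are constructed.
"""
import re

# Delimiters Windows uses to split the display name (full name) into tokens.
_DISPLAY_NAME_DELIMS = re.compile(r"[,.\-_ #\t]+")


def _display_name_tokens(display_name):
    """Split the display name on Windows' delimiters; tokens under 3 chars are ignored."""
    return [t for t in _DISPLAY_NAME_DELIMS.split(display_name or "") if len(t) >= 3]


def _category_count(password):
    """Count how many of the five character categories the password uses."""
    upper = lower = digit = special = other_alpha = False
    for ch in password:
        if ch.isupper():
            upper = True
        elif ch.islower():
            lower = True
        elif ch.isdigit():
            digit = True
        elif ch.isalpha():
            other_alpha = True   # alphabetic but caseless, e.g. CJK characters
        elif not ch.isspace():
            special = True       # assumption: any other printable char is "non-alphanumeric"
    return sum((upper, lower, digit, special, other_alpha))


def complexity_failures(password, sam_account_name="", display_name=""):
    """Return the list of complexity rules the password violates (empty list = compliant)."""
    failures = []
    pw_lower = password.lower()  # the name checks are case-insensitive
    # The account name is checked in its entirety, and only if it is 3+ characters.
    if len(sam_account_name) >= 3 and sam_account_name.lower() in pw_lower:
        failures.append("contains account name")
    for tok in _display_name_tokens(display_name):
        if tok.lower() in pw_lower:
            failures.append(f"contains display-name token '{tok}'")
    if len(password) < 6:
        failures.append("shorter than 6 characters")
    if _category_count(password) < 3:
        failures.append("fewer than 3 of the 5 character categories")
    return failures


def check_domain_password(password, sam_account_name="", display_name="", minimum_length=8):
    """Combine the complexity policy with a Minimum password length setting
    (the lab raises it from the complexity rule's 6 to 8). Returns (ok, failures)."""
    failures = complexity_failures(password, sam_account_name, display_name)
    if len(password) < minimum_length:
        failures.append(f"shorter than Minimum password length ({minimum_length})")
    return (not failures, failures)


if __name__ == "__main__":
    # Constructed account: sAMAccountName "jdoe", displayName "Jane Welcome".
    for pw in ["Welcome1", "jdoe2024!", "Abcdef1", "Tr0ub4dor&3"]:
        ok, why = check_domain_password(pw, "jdoe", "Jane Welcome")
        print(f"{pw!r}: {'OK' if ok else 'REJECTED: ' + '; '.join(why)}")
```

Note that "jdoe2024!" satisfies the length and category rules and is still rejected, which is the policy's answer to LAB 3 question 7: the account name is the one string an attacker is guaranteed to know, so it may not appear in the password.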